CVE-2018-25146

HIGH

Microhard Systems IPn4G 1.1.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25146. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates a DoS vulnerability in Microhard Systems' cellular gateways by sending arbitrary signals to processes via an undocumented CGI endpoint. It requires authentication and can be triggered via CSRF.

Description

Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service disruption and requiring device restart.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textdoshardware

https://www.exploit-db.com/exploits/45035

View Code ZIP pw:eip

This exploit demonstrates a DoS vulnerability in Microhard Systems' cellular gateways by sending arbitrary signals to processes via an undocumented CGI endpoint. It requires authentication and can be triggered via CSRF.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microhard Systems IPn4G, IPn3Gb, VIP4Gb, Bullet-3G, Dragon-LTE (multiple versions)

Auth required

Prerequisites: Authenticated access to the device's web interface · Network access to the target device

MITRE ATT&CK

T1499 - Endpoint Denial of Service T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

https://www.exploit-db.com/exploits/45035

Product product

http://www.microhardcorp.com

Exploit, Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5481.php

Scores

CVSS v3 8.1

EPSS 0.0041

EPSS Percentile 32.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-863

Status published

Products (12)

microhardcorp/bullet-3g_firmware 1.2.0 reva_build1032 (2 CPE variants)

microhardcorp/bullet-lte_firmware 1.2.0 build1078

microhardcorp/bulletplus_firmware 1.3.0 build1036

microhardcorp/dragon-lte_firmware 1.1.0 build1036

microhardcorp/ipn3gb_firmware 2.2.0 build2160

microhardcorp/ipn3gii_firmware 1.2.0 build1076

microhardcorp/ipn4g_firmware 1.1.0 build1098

microhardcorp/ipn4gb_firmware 1.1.6 build1184-14

microhardcorp/ipn4gb_firmware 1.1.0 rev2_build1090-2 (2 CPE variants)

microhardcorp/ipn4gii_firmware 1.2.0 build1078

... and 2 more

Published Dec 24, 2025

Tracked Since Feb 18, 2026